Thread: Not writing to mySQL database

Im trying to set up a register page on my website, i have setup a mySQL DB and user, I have completed the code, however, when the form is submitted i get these two errors


Warning: mysql_connect() [function.mysql-connect]: Access denied for user '*****bid_admin'@'127.0.0.1' (using password: YES) in /home/*****bid/public_html/register.php on line 110


Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /home/*****bid/public_html/register.php on line 111

line 110 and 111 are

$db_handle = mysql_connect($server, $user_name, $pass_word);
$db_found = mysql_select_db($database, $db_handle);

the rest of the code is below(DB PW replaced with *********)


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>*****Bidz.com</title>
<meta http-equiv="Page-Enter" content="blendTrans(Duration=1)">
<meta name="GENERATOR" content="Created by BlueVoda">
<style type="text/css">
div#container
{
position: absolute;
left: 50%;
top: 50%;
width: 1385px;
height: 716px;
margin-top: -358px;
margin-left: -692px;
}
</style>
<?PHP
//session_start();
//if (!(isset($_SESSION['login']) && $_SESSION['login'] != '')) {
//header ("Location: account.php");
//}

//set the session variable to 1, if the user signs up. That way, they can use the site straight away
//do you want to send the user a confirmation email?
//does the user need to validate an email address, before they can use the site?
//do you want to display a message for the user that a particular username is already taken?
//test to see if the u and p are long enough
//you might also want to test if the users is already logged in. That way, they can't sign up repeatedly without closing down the browser
//other login methods - set a cookie, and read that back for every page
//collect other information: date and time of login, ip address, etc
//don't store passwords without encrypting them

$uname = "";
$pword = "";
$cpword = "";
$email = "";
$fname = "";
$lname = "";
$errorMessage = "";
$num_rows = 0;

function quote_smart($value, $handle) {

if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}

if (!is_numeric($value)) {
$value = "'" . mysql_real_escape_string($value, $handle) . "'";
}
return $value;
}

if ($_SERVER['REQUEST_METHOD'] == 'POST'){

//================================================== ==================
// GET THE CHOSEN U AND P, AND CHECK IT FOR DANGEROUS CHARCTERS
//================================================== ==================
$uname = $_POST['username'];
$pword = $_POST['password'];
$cpword = $_POST['cpassword'];
$email = $_POST['email'];
$fname = $_POST['firstname'];
$lname = $_POST['lastname'];

$uname = htmlspecialchars($uname);
$pword = htmlspecialchars($pword);

//================================================== ==================
// CHECK TO SEE IF U AND P ARE OF THE CORRECT LENGTH
// A MALICIOUS USER MIGHT TRY TO PASS A STRING THAT IS TOO LONG
// if no errors occur, then $errorMessage will be blank
//================================================== ==================

$uLength = strlen($uname);
$pLength = strlen($pword);

if ($uLength >= 10 && $uLength <= 20) {
$errorMessage = "";
}
else {
$errorMessage = $errorMessage . "Username must be between 10 and 20 characters" . "<BR>";
}

if ($pLength >= 8 && $pLength <= 16) {$errorMessage = "";}
else {$errorMessage = $errorMessage . "Password must be between 8 and 16 characters" . "<BR>";
}

if ($pword == $cpword){$errorMessage = "";}
else {$errorMessage = $errorMessage . "Your passwords do not match" . "<BR>";}


//test to see if $errorMessage is blank
//if it is, then we can go ahead with the rest of the code
//if it's not, we can display the error

//================================================== ==================
// Write to the database
//================================================== ==================
if ($errorMessage == "") {

$user_name = "*****bid_admin";
$pass_word = "*********";
$database = "*****bid_usersdb";
$server = "127.0.0.1";

$db_handle = mysql_connect($server, $user_name, $pass_word);
$db_found = mysql_select_db($database, $db_handle);

if ($db_found) {

$uname = quote_smart($uname, $db_handle);
$pword = quote_smart($pword, $db_handle);
$email = quote_smart($email, $db_handle);
$fname = quote_smart($fname, $db_handle);
$lname = quote_smart($lname, $db_handle);


//================================================== ==================
// CHECK THAT THE USERNAME IS NOT TAKEN
//================================================== ==================

$SQL = "SELECT * FROM usersdb WHERE UN = $uname";
$result = mysql_query($SQL);
$num_rows = mysql_num_rows($result);

if ($num_rows > 0) {
$errorMessage = "Username already taken";
}

else {

$SQL = "INSERT INTO usersdb (UN, PW, EM, FN, LN) VALUES ($uname, md5($pword), $email, $fname, $lname)";

$result = mysql_query($SQL);

mysql_close($db_handle);

//================================================== ===============================
// START THE SESSION AND PUT SOMETHING INTO THE SESSION VARIABLE CALLED login
// SEND USER TO A DIFFERENT PAGE AFTER SIGN UP
//================================================== ===============================

session_start();
$_SESSION['login'] = "1";

header ("Location: account.php");

}

}
else {
$errorMessage = "Database Not Found";
}




}

}


?>
<style type="text/css">
img { behavior: url("pngfix.***"); }
</style>
</head>
<body bgcolor="#D5DEFD" text="#000000" <?PHP print $errorMessage;?>>
<div id="container">
<div id="bv_Shape2" style="position:absolute;left:253px;top:206px;widt h:886px;height:2542px;z-index:0;" align="center">
<img src="images/bv01041.gif" id="Shape2" align="top" alt="" title="" border="0" width="886" height="2542"></div>
<img src="images/bv01003.png" align="top" alt="" border="0" width="383" height="158" style="position:absolute;left:502px;top:14px;width :383px;height:158px;z-index:1">
<div id="bv_Html1" style="position:absolute;left:557px;top:289px;widt h:271px;height:309px;z-index:2;" align="left">
<FORM NAME ="register" METHOD ="POST" ACTION ="register.php">

First Name: <INPUT TYPE = 'TEXT' Name ='firstname' value="<?PHP print $fname;?>"> <br><br>
Last Name: <INPUT TYPE = 'TEXT' Name ='lastname' value="<?PHP print $lname;?>" ><br><br>
Email: &nbsp &nbsp &nbsp&nbsp&nbsp <INPUT TYPE = 'TEXT' Name ='email' value="" ><br><br>
Username (20 Characters max): <INPUT TYPE = 'TEXT' Name ='username' value="" maxlength="20"><br><br>
Password (16 Characters max): <INPUT TYPE = 'TEXT' Name ='password' value="" maxlength="16"><br><br>
Confirm Password: <INPUT TYPE = 'TEXT' Name ='cpassword' value="" maxlength="16"><br><br>

<P>
<INPUT TYPE = "Submit" Name = "Submit1" VALUE = "Register">
<input type="reset" id="regclear" name="regclear" value="Clear"
<?PHP print $errorMessage;?>


</FORM></div>
</div>
</body>
</html>

Also here is a link if you want to see what im talking about. click here

after looking at some other posts i changed my server to localhost and that error went away however a new one popped up, now after submitting the form i get the following errors:


Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/*****bid/public_html/register.php: in /home/*****bid/public_html/register.php on line 147

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/*****bid/public_html/register.php: in /home/*****bid/public_html/register.php on line 147

Warning: Cannot modify header information - headers already sent by (output started at /home/*****bid/public_html/register.php: in /home/*****bid/public_html/register.php on line 150



the code that it is reffering to is supposed to start a session and redirect the user to a different page upon successful registration, i have read other posts that say it should be moved up in the script but that poses two problems, i dont want the session to start until after registration and when i did move it to the top (to test) it threw the same errors, any ideas on what might be going on?

here is the updated code:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>*****Bidz.com</title>
<meta http-equiv="Page-Enter" content="blendTrans(Duration=1)">
<meta name="GENERATOR" content="Created by BlueVoda">
<style type="text/css">
div#container
{
position: absolute;
left: 50%;
top: 50%;
width: 1385px;
height: 716px;
margin-top: -358px;
margin-left: -692px;
}
</style>
<?PHP
//session_start();
//if (!(isset($_SESSION['login']) && $_SESSION['login'] != '')) {
//header ("Location: account.php");
//}

//set the session variable to 1, if the user signs up. That way, they can use the site straight away
//do you want to send the user a confirmation email?
//does the user need to validate an email address, before they can use the site?
//do you want to display a message for the user that a particular username is already taken?
//test to see if the u and p are long enough
//you might also want to test if the users is already logged in. That way, they can't sign up repeatedly without closing down the browser
//other login methods - set a cookie, and read that back for every page
//collect other information: date and time of login, ip address, etc
//don't store passwords without encrypting them

$uname = "";
$pword = "";
$cpword = "";
$email = "";
$fname = "";
$lname = "";
$errorMessage = "";
$num_rows = 0;

function quote_smart($value, $handle) {

if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}

if (!is_numeric($value)) {
$value = "'" . mysql_real_escape_string($value, $handle) . "'";
}
return $value;
}

if ($_SERVER['REQUEST_METHOD'] == 'POST'){

//================================================== ==================
// GET THE CHOSEN U AND P, AND CHECK IT FOR DANGEROUS CHARCTERS
//================================================== ==================
$uname = $_POST['username'];
$pword = $_POST['password'];
$cpword = $_POST['cpassword'];
$email = $_POST['email'];
$fname = $_POST['firstname'];
$lname = $_POST['lastname'];

$uname = htmlspecialchars($uname);
$pword = htmlspecialchars($pword);

//================================================== ==================
// CHECK TO SEE IF U AND P ARE OF THE CORRECT LENGTH
// A MALICIOUS USER MIGHT TRY TO PASS A STRING THAT IS TOO LONG
// if no errors occur, then $errorMessage will be blank
//================================================== ==================

$uLength = strlen($uname);
$pLength = strlen($pword);

if ($uLength >= 10 && $uLength <= 20) {
$errorMessage = "";
}
else {
$errorMessage = $errorMessage . "Username must be between 10 and 20 characters" . "<BR>";
}

if ($pLength >= 8 && $pLength <= 16) {$errorMessage = "";}
else {$errorMessage = $errorMessage . "Password must be between 8 and 16 characters" . "<BR>";
}

if ($pword == $cpword){$errorMessage = "";}
else {$errorMessage = $errorMessage . "Your passwords do not match" . "<BR>";}


//test to see if $errorMessage is blank
//if it is, then we can go ahead with the rest of the code
//if it's not, we can display the error

//================================================== ==================
// Write to the database
//================================================== ==================
if ($errorMessage == "") {

$user_name = "*****bid_admin";
$pass_word = "!7HardCore!7";
$database = "*****bid_usersdb";
$server = "localhost";

$db_handle = mysql_connect($server, $user_name, $pass_word);
$db_found = mysql_select_db($database, $db_handle);

if ($db_found) {

$uname = quote_smart($uname, $db_handle);
$pword = quote_smart($pword, $db_handle);
$email = quote_smart($email, $db_handle);
$fname = quote_smart($fname, $db_handle);
$lname = quote_smart($lname, $db_handle);


//================================================== ==================
// CHECK THAT THE USERNAME IS NOT TAKEN
//================================================== ==================

$SQL = "SELECT * FROM usersdb WHERE UN = $uname";
$result = mysql_query($SQL);
//$num_rows = ;

if ($result > 0) {
$errorMessage = "Username already taken";
}

else {

$SQL = "INSERT INTO usersdb (UN, PW, EM, FN, LN) VALUES ($uname, md5($pword), $email, $fname, $lname)";

$result = mysql_query($SQL);

mysql_close($db_handle);

//================================================== ===============================
// START THE SESSION AND PUT SOMETHING INTO THE SESSION VARIABLE CALLED login
// SEND USER TO A DIFFERENT PAGE AFTER SIGN UP
//================================================== ===============================

session_start();
$_SESSION['login'] = "1";

header ("Location: account.php");

}

}
else {
$errorMessage = "Database Not Found";
}




}

}


?>
<style type="text/css">
img { behavior: url("pngfix.***"); }
</style>
</head>
<body bgcolor="#D5DEFD" text="#000000" <?PHP print $errorMessage;?>>
<div id="container">
<div id="bv_Shape2" style="position:absolute;left:253px;top:206px;widt h:886px;height:2542px;z-index:0;" align="center">
<img src="images/bv01041.gif" id="Shape2" align="top" alt="" title="" border="0" width="886" height="2542"></div>
<img src="images/bv01003.png" align="top" alt="" border="0" width="383" height="158" style="position:absolute;left:502px;top:14px;width :383px;height:158px;z-index:1">
<div id="bv_Html1" style="position:absolute;left:459px;top:289px;widt h:648px;height:366px;z-index:2;" align="left">
<FORM NAME ="register" METHOD ="POST" ACTION ="register.php">

<tr>
<td align ="center">First Name: <INPUT TYPE = 'TEXT' Name ='firstname' value="<?PHP print $fname;?>"</td> <br><br>
<td align ="center">Last Name: <INPUT TYPE = 'TEXT' Name ='lastname' value="<?PHP print $lname;?>" ></td><br><br>
<td align ="center">Email: &nbsp &nbsp &nbsp&nbsp&nbsp <INPUT TYPE = 'TEXT' Name ='email' value="<?php print $email; ?>" ></td><br><br>
<td align ="center">Username (20 Characters max): <INPUT TYPE = 'TEXT' Name ='username' value="<?php print $uname; ?>" maxlength="20"></td><br><br>
<td align ="center">Password (16 Characters max): <INPUT TYPE = 'password' Name ='password' value="<?php print $pword; ?>" maxlength="16"></td><br><br>
<td align ="center">Confirm Password: <INPUT TYPE = 'password' Name ='cpassword' value="<?php print $cpword; ?>" maxlength="16"></td><br><br>
</tr>
<P>
<INPUT TYPE = "Submit" Name = "Submit1" VALUE = "Register">
<input type="reset" id="regclear" name="regclear" value="Clear"

<p>
<br>
<?PHP print $errorMessage;?>


</FORM></div>
</div>
</body>
</html>

fixed above problem by starting a session at the begining of the page and destroying it if the registration is unsuccessful, is there a better way to accomplish what im trying to do?

Your sessions problem is that you have the PHP hosting code MUST be at the start of the page.
Instead, you are having HTML code before the PHP code and this causes the issue
Move the PHP code in start of page.